List of URLS where parent certificate can be downloaded,
in case the parent CA is not root CA. Usually sub-CA certificates
should be provided during key-agreement (TLS). This setting
is for situations where this cannot happen or for fallback
for badly-configured TLS servers.

show

Display contents of CSR or CRT file.

Private Key Protection

Private keys can be stored unencryped, encrypted with PGP, encrypted with password or both.
Unencrypted keys are good only for testing. Good practice is to encrypt both CA and
end-entity keys with PGP and use passwords only for keys that can be deployed to servers
with password-protection.

For each key, different set of PGP keys can be used that can decrypt it:

Compatibility notes

Although SysCA allows to set various extension parameters, that does not
mean any software that uses the certificates actually the looks
or acts on the extensions. So it’s reasonable to set up only
extensions that are actually used.